[sheepdog] [PATCH 1/2] collie: fix buffer overflow of size_to_str()
Liu Yuan
namei.unix at gmail.com
Tue Sep 11 10:17:10 CEST 2012
From: Liu Yuan <tailai.ly at taobao.com>
We might end up with i == ARRAY_SIZE(units), which will cross array boundry.
Signed-off-by: Liu Yuan <tailai.ly at taobao.com>
---
collie/common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/collie/common.c b/collie/common.c
index 46f0123..a3a77aa 100644
--- a/collie/common.c
+++ b/collie/common.c
@@ -29,7 +29,7 @@ char *size_to_str(uint64_t _size, char *str, int str_size)
size = (double)_size;
size /= 1024 * 1024;
- while (i < ARRAY_SIZE(units) && size >= 1024) {
+ while (i < ARRAY_SIZE(units) - 1 && size >= 1024) {
i++;
size /= 1024;
}
--
1.7.10.2
More information about the sheepdog
mailing list